Access control to the API is always controlled by an API key that identifies a particular user. Usually, this API key is generated on the website and then copied into your third party application. It is now possible for registered applications to generate new API keys for each user on the fly by making a special API request.
Note: Each application using this approach is required to provide an application key to identify what application is requesting the API key. For more information on obtaining application keys please contact [email protected].
Note: If you already have an API key, you do not need to use the Login API.
- HTTP Method:
- Content-Type - application/x-www-form-urlencoded
Accept - optional - To request a JSON formatted response, send "application/json"
- POST Variables:
- user - The user's email address.
- password - The user's password.
- applicationKey - The application key provided to you by BambooHR.
- deviceId - Optional - An ID for the user's mobile device. This deviceId can be generated when the app is first installed on a device, and should be unique enough to prevent collisions between users within the same company.
On success, an HTTP 200 response code and an XML snippet will be returned. The snippet includes the API key to use when making requests for this user and the user's ID. If the user is currently associated with an employee, then the employee ID is returned as well. If not, then the
tag will be ommitted.
On failure, an HTTP response in the range of 400-599 and a small snippet of XML indicating failure will be returned.
Note: the association of users to employees is under the control of the account administrator. The employee ID may change if the administrator updates the user.
- Sample Request (with HTTP Headers):
Sample successful response (HTTP response code=200):
<auth> <response>authenticated</response> <userId>1</userId> <employeeId>25</employeeId> <key>e254c96d97a12dc561f56d8713e58ac6c2a8c166</key> </auth>
Sample failed response (HTTP response code=400-599):
<auth> <response>declined</response> </auth>
Have more questions? We're here to help, so please contact us